Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Invoice #23078.pdf

Overview

General Information

Sample name:Invoice #23078.pdf
Analysis ID:1523654
MD5:05aa80f62a47e1a4dac83054c835e3bb
SHA1:d1597f07270ce840bc75687fcc70e7c3d7fe649a
SHA256:97f7f2c3f99fecfc9139f22b3309d16691210a72d607e84cade5aae0a812ce66
Infos:

Detection

Score:2
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

IP address seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 6724 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Invoice #23078.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 7156 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 1612 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2096 --field-trial-handle=1744,i,16956642348696961776,15655649527562002610,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficTCP traffic: 192.168.2.4:49759 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.4:49759 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.4:49759 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.4:49759 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.4:49759 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.4:49759 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.4:49759 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.4:49759 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.4:49759 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.4:49759 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.4:49759 -> 23.56.162.185:443
Source: global trafficTCP traffic: 23.56.162.185:443 -> 192.168.2.4:49759
Source: global trafficTCP traffic: 192.168.2.4:49759 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.4:49759 -> 23.56.162.185:443
Source: global trafficTCP traffic: 23.56.162.185:443 -> 192.168.2.4:49759
Source: global trafficTCP traffic: 23.56.162.185:443 -> 192.168.2.4:49759
Source: global trafficTCP traffic: 192.168.2.4:49759 -> 23.56.162.185:443
Source: global trafficTCP traffic: 23.56.162.185:443 -> 192.168.2.4:49759
Source: global trafficTCP traffic: 23.56.162.185:443 -> 192.168.2.4:49759
Source: global trafficTCP traffic: 192.168.2.4:49759 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.4:49759 -> 23.56.162.185:443
Source: global trafficTCP traffic: 23.56.162.185:443 -> 192.168.2.4:49759
Source: global trafficTCP traffic: 192.168.2.4:49759 -> 23.56.162.185:443
Source: global trafficTCP traffic: 23.56.162.185:443 -> 192.168.2.4:49759
Source: global trafficTCP traffic: 192.168.2.4:49759 -> 23.56.162.185:443
Source: global trafficTCP traffic: 23.56.162.185:443 -> 192.168.2.4:49759
Source: global trafficTCP traffic: 23.56.162.185:443 -> 192.168.2.4:49759
Source: global trafficTCP traffic: 192.168.2.4:49759 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.4:49759 -> 23.56.162.185:443
Source: global trafficTCP traffic: 23.56.162.185:443 -> 192.168.2.4:49759
Source: Joe Sandbox ViewIP Address: 23.56.162.185 23.56.162.185
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: 2D85F72862B55C4EADD9E66E06947F3D0.1.drString found in binary or memory: http://x1.i.lencr.org/
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
Source: classification engineClassification label: clean2.winPDF@14/42@1/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journalJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-01 16-20-34-583.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Invoice #23078.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2096 --field-trial-handle=1744,i,16956642348696961776,15655649527562002610,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2096 --field-trial-handle=1744,i,16956642348696961776,15655649527562002610,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: Invoice #23078.pdfInitial sample: PDF keyword /JS count = 0
Source: Invoice #23078.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: Invoice #23078.pdfInitial sample: PDF keyword startxref count = 5
Source: Invoice #23078.pdfInitial sample: PDF keyword stream count = 773
Source: Invoice #23078.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: Invoice #23078.pdfInitial sample: PDF keyword endobj count = 1977
Source: Invoice #23078.pdfInitial sample: PDF keyword endstream count = 773
Source: Invoice #23078.pdfInitial sample: PDF keyword obj count = 1977
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts3
Exploitation for Client Execution		Path Interception1
Process Injection		1
Masquerading		OS Credential Dumping1
System Information Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media2
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive13
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1523654 Sample: Invoice #23078.pdf Startdate: 01/10/2024 Architecture: WINDOWS Score: 2 14 x1.i.lencr.org 2->14 7 Acrobat.exe 17 72 2->7         started        process3 process4 9 AcroCEF.exe 108 7->9         started        process5 11 AcroCEF.exe 2 9->11         started        dnsIp6 16 23.56.162.185, 443, 49759 AKAMAI-ASUS United States 11->16

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
Invoice #23078.pdf0%ReversingLabs

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://x1.i.lencr.org/0%URL Reputationsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
x1.i.lencr.org
unknown
unknownfalse
    		unknown

    URLs from Memory and Binaries

    NameSourceMaliciousAntivirus DetectionReputation
    http://x1.i.lencr.org/2D85F72862B55C4EADD9E66E06947F3D0.1.drfalse
    • URL Reputation: safe
    		unknown

    World Map of Contacted IPs

    • No. of IPs < 25%
    • 25% < No. of IPs < 50%
    • 50% < No. of IPs < 75%
    • 75% < No. of IPs

    Public IPs

    IPDomainCountryFlagASNASN NameMalicious
    23.56.162.185
    		unknownUnited States
    		16625AKAMAI-ASUSfalse

    General Information

    Joe Sandbox version:41.0.0 Charoite
    Analysis ID:1523654
    Start date and time:2024-10-01 22:19:13 +02:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:0h 4m 42s
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:defaultwindowspdfcookbook.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed:21
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • HCA enabled
    • EGA enabled
    • AMSI enabled
    Analysis Mode:default
    Analysis stop reason:Timeout
    Sample name:Invoice #23078.pdf
    Detection:CLEAN
    Classification:clean2.winPDF@14/42@1/1
    Cookbook Comments:
    • Found application associated with file extension: .pdf
    • Found PDF document
    • Close Viewer

    Warnings

    • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, svchost.exe
    • Excluded IPs from analysis (whitelisted): 184.28.88.176, 2.19.126.143, 2.19.126.149, 52.5.13.197, 54.227.187.23, 52.202.204.11, 23.22.254.206, 172.64.41.3, 162.159.61.3, 2.23.197.184
    • Excluded domains from analysis (whitelisted): www.bing.com, dl.delivery.mp.microsoft.com, e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, acroipm2.adobe.com.edgesuite.net, tse1.mm.bing.net, p13n.adobe.io, arc.msn.com, acroipm2.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, crl.root-x1.letsencrypt.org.edgekey.net
    • VT rate limit hit for: Invoice #23078.pdf

    Simulations

    Behavior and APIs

    TimeTypeDescription
    16:20:45API Interceptor1x Sleep call for process: AcroCEF.exe modified

    LLM Input / Output

    InputOutput
    URL: PDF document Model: jbxai
    {
"brand":["Wells Fargo"],
"contains_trigger_text":false,
"trigger_text":"",
"prominent_button_name":"unknown",
"text_input_field_labels":"unknown",
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}

    Joe Sandbox View / Context

    IPs

    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
    23.56.162.185Xkci1BfrmX.lnkGet hashmaliciousLonePageBrowse
      Snc2ZNvAZP.pdfGet hashmaliciousUnknownBrowse
        Purchase Order IBT LPO-2320.emlGet hashmaliciousUnknownBrowse
          Final_Contract_Copy-532392974.pdfGet hashmaliciousUnknownBrowse
            Cbequipment-Voice Audio Interface.pdfGet hashmaliciousHTMLPhisherBrowse
              Runbook - Carolinas Animal Hospital - 2022-05-25 11.28 UTC -04.00.pdfGet hashmaliciousUnknownBrowse
                Hajj_Advisory pdf lnk.lnkGet hashmaliciousUnknownBrowse
                  blockchair_statement.pdf.lnkGet hashmaliciousUnknownBrowse
                    Signed_Revised_Contract_See also 19_Lgunning_Carisls_Required_Signature.pdfGet hashmaliciousUnknownBrowse
                      Fatura.pdfGet hashmaliciousUnknownBrowse

                        Domains

                        No context

                        ASNs

                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                        AKAMAI-ASUShttps://okefeokok.live/Get hashmaliciousUnknownBrowse
                        • 2.19.126.139
                        Google_Chrome.exeGet hashmaliciousLummaCBrowse
                        • 104.102.49.254
                        https://finalstepgetshere.com/uploads/beta111.zipGet hashmaliciousLummaC, Go Injector, LummaC StealerBrowse
                        • 104.102.49.254
                        vFjfAgq5PM.msiGet hashmaliciousAmadeyBrowse
                        • 2.19.126.136
                        moba-24.2-installer_M64ZB-1.exeGet hashmaliciousPureLog StealerBrowse
                        • 88.221.169.152
                        file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                        • 104.102.49.254
                        file.exeGet hashmaliciousLummaCBrowse
                        • 104.102.49.254
                        moba-24.2-installer_M64ZB-1.exeGet hashmaliciousPureLog StealerBrowse
                        • 184.28.90.27
                        Sales_Contract_Main_417053608_09.2024.pdfGet hashmaliciousUnknownBrowse
                        • 184.28.88.176
                        ZJh3V10O2e.exeGet hashmaliciousLummaCBrowse
                        • 104.102.49.254

                        JA3 Fingerprints

                        No context

                        Dropped Files

                        No context

                        Created / dropped Files

                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):289
                        Entropy (8bit):5.187536221045828
                        Encrypted:false
                        SSDEEP:6:4XRQi+q2Pwkn2nKuAl9OmbnIFUt8TXB32WZmw+TXB39VkwOwkn2nKuAl9OmbjLJ:4BQi+vYfHAahFUt8Tx32W/+Tx39V5JfC
                        MD5:78CC519C25922A5639A56D537A46E595
                        SHA1:02807F2C7D842053EC3619048E55223E3BD777FA
                        SHA-256:AECF2B4F5BEAA5DF87661B935CBCE69D800852133232899C0666D1CE22E5E979
                        SHA-512:20A420AFA56165FE193034C1F892698E1FC35D4AC0C10159240D812C7426E57F50F8902D6C2ED8AE6BAFD44608A8551DD1A47FB80A42EE208F069BC3DF72DFE3
                        Malicious:false
                        Reputation:low
                        Preview:2024/10/01-16:20:32.427 15c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/01-16:20:32.429 15c Recovering log #3.2024/10/01-16:20:32.429 15c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):289
                        Entropy (8bit):5.187536221045828
                        Encrypted:false
                        SSDEEP:6:4XRQi+q2Pwkn2nKuAl9OmbnIFUt8TXB32WZmw+TXB39VkwOwkn2nKuAl9OmbjLJ:4BQi+vYfHAahFUt8Tx32W/+Tx39V5JfC
                        MD5:78CC519C25922A5639A56D537A46E595
                        SHA1:02807F2C7D842053EC3619048E55223E3BD777FA
                        SHA-256:AECF2B4F5BEAA5DF87661B935CBCE69D800852133232899C0666D1CE22E5E979
                        SHA-512:20A420AFA56165FE193034C1F892698E1FC35D4AC0C10159240D812C7426E57F50F8902D6C2ED8AE6BAFD44608A8551DD1A47FB80A42EE208F069BC3DF72DFE3
                        Malicious:false
                        Reputation:low
                        Preview:2024/10/01-16:20:32.427 15c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/01-16:20:32.429 15c Recovering log #3.2024/10/01-16:20:32.429 15c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):333
                        Entropy (8bit):5.187176079330177
                        Encrypted:false
                        SSDEEP:6:4XDFdxq2Pwkn2nKuAl9Ombzo2jMGIFUt8TXYcLJZmw+TXBFqzkwOwkn2nKuAl9OU:4TxvYfHAa8uFUt8TIcLJ/+TjS5JfHAaU
                        MD5:AACC854099654815B3B6809F4DA13EE4
                        SHA1:C1E19FED029CCD2ABBE39557AA37EF913CA3CD45
                        SHA-256:09226BD01215005731710E45C7BEB740366F1041384B901F833D4C5D0E0F2B98
                        SHA-512:21330FDB5DB1E9E9FA546B3E0F67D407B434E7D94CC73A07192BBE82F7797518D798E8870BEC1DBC58FA784681091B8733F7A35725D9C953A5CD10AC14DD3B3F
                        Malicious:false
                        Reputation:low
                        Preview:2024/10/01-16:20:32.491 894 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/01-16:20:32.492 894 Recovering log #3.2024/10/01-16:20:32.493 894 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):333
                        Entropy (8bit):5.187176079330177
                        Encrypted:false
                        SSDEEP:6:4XDFdxq2Pwkn2nKuAl9Ombzo2jMGIFUt8TXYcLJZmw+TXBFqzkwOwkn2nKuAl9OU:4TxvYfHAa8uFUt8TIcLJ/+TjS5JfHAaU
                        MD5:AACC854099654815B3B6809F4DA13EE4
                        SHA1:C1E19FED029CCD2ABBE39557AA37EF913CA3CD45
                        SHA-256:09226BD01215005731710E45C7BEB740366F1041384B901F833D4C5D0E0F2B98
                        SHA-512:21330FDB5DB1E9E9FA546B3E0F67D407B434E7D94CC73A07192BBE82F7797518D798E8870BEC1DBC58FA784681091B8733F7A35725D9C953A5CD10AC14DD3B3F
                        Malicious:false
                        Reputation:low
                        Preview:2024/10/01-16:20:32.491 894 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/01-16:20:32.492 894 Recovering log #3.2024/10/01-16:20:32.493 894 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):475
                        Entropy (8bit):4.962298324517204
                        Encrypted:false
                        SSDEEP:12:YH/um3RA8sqoShsBdOg2H4caq3QYiubInP7E4T3y:Y2sRds7dMHz3QYhbG7nby
                        MD5:72095C884E844720EA6B537F229B57CC
                        SHA1:2E6CA6207F92289C5F8125431470081FA30F4256
                        SHA-256:A08A7F6C98AFECB9208A6DB728D83126529B3CE8E7914C3E5F72D0A5F9917F67
                        SHA-512:670D5A256BE5BB6670DEA92C21235767DF1FB0E4BAE245C0AAD1017802F30C8A905913ECF4D0C07DB0ECDAE23F3F55681CF155181F659CCD6902115C4DBB68EC
                        Malicious:false
                        Reputation:low
                        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372374045033194","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":171212},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\c536468c-432b-452e-b305-a4edc4e15403.tmp

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:JSON data
                        Category:modified
                        Size (bytes):475
                        Entropy (8bit):4.962298324517204
                        Encrypted:false
                        SSDEEP:12:YH/um3RA8sqoShsBdOg2H4caq3QYiubInP7E4T3y:Y2sRds7dMHz3QYhbG7nby
                        MD5:72095C884E844720EA6B537F229B57CC
                        SHA1:2E6CA6207F92289C5F8125431470081FA30F4256
                        SHA-256:A08A7F6C98AFECB9208A6DB728D83126529B3CE8E7914C3E5F72D0A5F9917F67
                        SHA-512:670D5A256BE5BB6670DEA92C21235767DF1FB0E4BAE245C0AAD1017802F30C8A905913ECF4D0C07DB0ECDAE23F3F55681CF155181F659CCD6902115C4DBB68EC
                        Malicious:false
                        Reputation:low
                        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372374045033194","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":171212},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):4730
                        Entropy (8bit):5.2531204745190605
                        Encrypted:false
                        SSDEEP:96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7X2572lZ:etJCV4FiN/jTN/2r8Mta02fEhgO73goR
                        MD5:DF600CFE70A002FB2C000E7B0B0BCA74
                        SHA1:4415905284D35ABFD6CB887E6409D62E58460AF4
                        SHA-256:62A1E606D640DB38222501FD2DD8EA2B3FD53AC1CC3A8156E06AF089CD469E87
                        SHA-512:A9DA2F2C753A2F8BFE2D7A1865B6FC489F4AA409966B273A3AAAFBCC9B2AF0D6C2315387C15ECD110A2305E54C9F9FFA279FE4A3A31886A102262FFF865D66F0
                        Malicious:false
                        Reputation:low
                        Preview:*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_

                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):321
                        Entropy (8bit):5.195900453527473
                        Encrypted:false
                        SSDEEP:6:4XEq2Pwkn2nKuAl9OmbzNMxIFUt8TXnFZZmw+TX3MkwOwkn2nKuAl9OmbzNMFLJ:4UvYfHAa8jFUt8TXFZ/+THM5JfHAa84J
                        MD5:25A790D35A2591537A53D601531FAE5E
                        SHA1:35EDE3870D431B5E2C4FBC533F6858F3B1586164
                        SHA-256:02D1E74456419BF1B5A7674E8C7E7548B4D27C801273628FEACAD435BAD12FA2
                        SHA-512:1F66AA3F1C7B42C8A776F24467D6CC1EC6A5A556470D7762B35706049174F01E37C0F13879B52BC62AD9D49A6B2E5E19A1113EA890111B58757682D7D72537D9
                        Malicious:false
                        Reputation:low
                        Preview:2024/10/01-16:20:32.638 894 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/01-16:20:32.643 894 Recovering log #3.2024/10/01-16:20:32.644 894 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):321
                        Entropy (8bit):5.195900453527473
                        Encrypted:false
                        SSDEEP:6:4XEq2Pwkn2nKuAl9OmbzNMxIFUt8TXnFZZmw+TX3MkwOwkn2nKuAl9OmbzNMFLJ:4UvYfHAa8jFUt8TXFZ/+THM5JfHAa84J
                        MD5:25A790D35A2591537A53D601531FAE5E
                        SHA1:35EDE3870D431B5E2C4FBC533F6858F3B1586164
                        SHA-256:02D1E74456419BF1B5A7674E8C7E7548B4D27C801273628FEACAD435BAD12FA2
                        SHA-512:1F66AA3F1C7B42C8A776F24467D6CC1EC6A5A556470D7762B35706049174F01E37C0F13879B52BC62AD9D49A6B2E5E19A1113EA890111B58757682D7D72537D9
                        Malicious:false
                        Reputation:low
                        Preview:2024/10/01-16:20:32.638 894 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/01-16:20:32.643 894 Recovering log #3.2024/10/01-16:20:32.644 894 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                        C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241001202037Z-178.bmp

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
                        Category:dropped
                        Size (bytes):71190
                        Entropy (8bit):0.973465780341572
                        Encrypted:false
                        SSDEEP:96:F81UDCh7hGWLcYawll1zHJeUETkR32cqOb:F8lhraKR32tOb
                        MD5:4F23F8E55E1FB0B81A7BFD1C5CB98313
                        SHA1:64C7F429678D47416771BA7A4346A287E2B3A1B3
                        SHA-256:AB549DDB947E1C10501AD880672B5FA6112C58E359100F8E2F49379B478582B7
                        SHA-512:9B8B60548716DB7D2F53BB55813865E171D1E37E5D8D1349A9809C114AFDDF11E6AAD0CBA62314469D34CCAE6C95936D08434058155A01FEC2B7997E6328F0F6
                        Malicious:false
                        Preview:BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
                        Category:dropped
                        Size (bytes):86016
                        Entropy (8bit):4.444930560670635
                        Encrypted:false
                        SSDEEP:384:yezci5t+iBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rRs3OazzU89UTTgUL
                        MD5:5A68CD7918ED30214787EC68FB815410
                        SHA1:93BAFDEF4DD06432A4AF34D2FDA6DBB79E815980
                        SHA-256:D6BE7381B8EFA6F364FF1F26501DF780501ACDE3968DC6714A6757097F6A87A7
                        SHA-512:1080E1E77FDB57A748F8B5722A6676F81130B7CD54B8F07A6A4C474F73A61FD93297D0BDDF7ABC37E7146B738A7B75C6E60EE4C4FCE2C7DD5B1A4A67376823AE
                        Malicious:false
                        Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:SQLite Rollback Journal
                        Category:dropped
                        Size (bytes):8720
                        Entropy (8bit):3.7750152360076896
                        Encrypted:false
                        SSDEEP:48:7MuXp/E2ioyVfioy9oWoy1Cwoy1jKOioy1noy1AYoy1Wioy1hioybioynoy1noyq:7JXpjufFWXKQOqb9IVXEBodRBkT
                        MD5:3FECDEF7800F5D273E233F176AE3BB4C
                        SHA1:18F30B64A6A3459D4BF452FD13392959B9683B1E
                        SHA-256:E7816515ED313156C463C4021CBC66C39E9992A20C1367814A94A02BF06CF465
                        SHA-512:7321FEB0670CC259E20AC6B4FE4F2FC2B9C2D544ADF49B386E7418CE6140722AA407E2F309080A7FF56B75C65B690DB50660D14E7EC350528CADCCCC36442CE3
                        Malicious:false
                        Preview:.... .c.....=..W...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:Certificate, Version=3
                        Category:dropped
                        Size (bytes):1391
                        Entropy (8bit):7.705940075877404
                        Encrypted:false
                        SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                        MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                        SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                        SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                        SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                        Malicious:false
                        Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......

                        C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):192
                        Entropy (8bit):2.7321365340992054
                        Encrypted:false
                        SSDEEP:3:kkFklHApblfllXlE/HT8ksHzvNNX8RolJuRdxLlGB9lQRYwpDdt:kKfpbmT8hVNMa8RdWBwRd
                        MD5:6CACCC85E7D2FE2114387A8A8E13FBE0
                        SHA1:A2328C101BD1BB4E06EB808E22C0652D114C68D7
                        SHA-256:EEC3F79A649894808E95F17059E821606EAA53974CD8C8E27B404FBDA25357A0
                        SHA-512:B8DE265EF3EA69A4C0652CEF681A7A8540A689C509549ED2F64144EC2173AB4E01D71C5B9EBB16130541CD627A9580F21790013A2F1F3BF9EA55B67A9C979221
                        Malicious:false
                        Preview:p...... ........t%Re?...(....................................................... ..........W....................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):295
                        Entropy (8bit):5.350522874237589
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXPCbVVwxBVoZcg1vRcR0Yv6VeoAvJM3g98kUwPeUkwRe9:YvXKXP8VOiZc0vG6VVGMbLUkee9
                        MD5:84490514E220E781FE8769B146EC48D9
                        SHA1:C08EDAA7627DCB30FADFF81E2C195C1388AE9E2B
                        SHA-256:09A4108813A3DA32E52972D592BFDAE9BBA745F099C1C3CE699C1D5396513F91
                        SHA-512:6296FFB9177DC9B9C27558738A442A554A471C0C5D7CD594A4AC880DD9E5068A954234887538FC20D8FC676ECC9FDFC64EE6426F5F9C2D1FC2662238187AC928
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"ffea5748-9e2c-4b46-9f09-15c9519fb680","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1727992494130,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):294
                        Entropy (8bit):5.297961536209902
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXPCbVVwxBVoZcg1vRcR0Yv6VeoAvJfBoTfXpnrPeUkwRe9:YvXKXP8VOiZc0vG6VVGWTfXcUkee9
                        MD5:CD22F20C67643F5C29B87ACD4CAE7F4E
                        SHA1:BD74F0330F2A9A516E3987278E5F8604032FDA7A
                        SHA-256:6BCA10083A0F1C1527CBB6FEC092D91CFA68F66B6DBE75B3D750D4C129647F83
                        SHA-512:BB8901CF71F486FD28CD22553A45FBB98C3739275E9A354AFDC9FCE9ACB89B19975252197877EC1B2D64E4E7F875DA166C1F0A5133C18E5FCBBE072B59F68BC3
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"ffea5748-9e2c-4b46-9f09-15c9519fb680","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1727992494130,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):294
                        Entropy (8bit):5.276509852735908
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXPCbVVwxBVoZcg1vRcR0Yv6VeoAvJfBD2G6UpnrPeUkwRe9:YvXKXP8VOiZc0vG6VVGR22cUkee9
                        MD5:40C5DE3A7E9FD242FA04FE5EF6979CC6
                        SHA1:D64C38A3E460F636A637500D52607CEE52E5D8ED
                        SHA-256:C16814FDA4693C46AF48AD5254C57D9B23D5809E287B5A9DA0C7E519878F2E82
                        SHA-512:10EA49AF565C574E3F8D7555C257C36AA2C0B27573F85BDCE8C650148D92CD8B3E32C0BD45B390F2F9480ABB7D7D9022CF6E4350DA9B0FB09C82683ED968F48F
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"ffea5748-9e2c-4b46-9f09-15c9519fb680","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1727992494130,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):285
                        Entropy (8bit):5.337082836149253
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXPCbVVwxBVoZcg1vRcR0Yv6VeoAvJfPmwrPeUkwRe9:YvXKXP8VOiZc0vG6VVGH56Ukee9
                        MD5:CCCD792E79EF7698E142D8522299FE0B
                        SHA1:15055BA4D5DD5ABC5C4A395B078AEF2B9B61255E
                        SHA-256:998EA82A7458FE342DDB185F275970E7AECA41E0A39E0E58F65B02892475558B
                        SHA-512:E984A7CDE58BDAB102CD7BCD1715BEED8FABEBC70A96B8EBE20F7BC8601442689EEA90ADB617FFC1101D0DAC392D53EA7E0F5FE3EBE0A749B22332FFBD97EE80
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"ffea5748-9e2c-4b46-9f09-15c9519fb680","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1727992494130,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):1063
                        Entropy (8bit):5.668944193487054
                        Encrypted:false
                        SSDEEP:24:Yv6XPgHzvGa6pLgEFqciGennl0RCmK8czOCY4w2V:YvIgTmhgLtaAh8cvYvq
                        MD5:118058A5260BC84C037AC08ECD7B3DBA
                        SHA1:D8A9CE156ED0F58D563536B5BE94CE2B24B2911E
                        SHA-256:E323D100F74EC2114D38C8207A3368774AE7AE96C0F8CD9BA8C74A3C414D325A
                        SHA-512:6C023D89F879F324115CC8F822CD39FAF7CCBE4124527E68E28E4E7F225D413F4A24DF67C5A0CB97048D4EC4AC153FEE1551F632621647509998D76F247E31C5
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"ffea5748-9e2c-4b46-9f09-15c9519fb680","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1727992494130,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_2","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"afb9c2a3-eaf4-41f9-9d73-768e72f72282","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQgZmlsZXMgdG8gYW5kIGZyb20gUERGXG53aXRob3V0IGxpbWl0cy4ifSwidGNhdElkIjpudWxsfQ==","dataType":"application\/json","encodingSc

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):1050
                        Entropy (8bit):5.656614442116559
                        Encrypted:false
                        SSDEEP:24:Yv6XPgHzvGacVLgEF0c7sbnl0RCmK8czOCYHflEpwiVV:YvIgTQFg6sGAh8cvYHWpwU
                        MD5:B338C028998F8101DE2AAEE71AFD8692
                        SHA1:6111560BCA470ACC3A54EE57775E654DB8B78FED
                        SHA-256:181E480AFD426F1F746192BED24F44CBBF8F9432148A006E9152AFAE65A9A72E
                        SHA-512:3CF1263BE169C74C71070E756FEE6EEE9F097149F82D1258BF88FD6C882A64C4213A907281C2E9271C59DEF430DEC01E7914B49CDD04465F312F3A69415A652A
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"ffea5748-9e2c-4b46-9f09-15c9519fb680","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1727992494130,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):292
                        Entropy (8bit):5.290346179961023
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXPCbVVwxBVoZcg1vRcR0Yv6VeoAvJfQ1rPeUkwRe9:YvXKXP8VOiZc0vG6VVGY16Ukee9
                        MD5:78BC43089C406125A123FDACEA1DD470
                        SHA1:503D6FD675994DEC2A66037A5AA38EAC010EBE6F
                        SHA-256:03BEE7A25B9DA1B3DAC0F289BF0C6B13E4E146CBBA92C99CE75A84F443D9659E
                        SHA-512:DFEE147AC6904B18B38697E55F5A61F9FCA06D534B188C2BCA8EEBFEE365F12BA133D3B7EDF5E4D34AE0AF2CB48AE8530580ACEE45CCAC05D516F55304A396BF
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"ffea5748-9e2c-4b46-9f09-15c9519fb680","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1727992494130,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):1038
                        Entropy (8bit):5.650104395079047
                        Encrypted:false
                        SSDEEP:24:Yv6XPgHzvGaB2LgEF7cciAXs0nl0RCmK8czOCAPtciBV:YvIgT1ogc8hAh8cvAP
                        MD5:A3E44E0F217D6BB2113F73BDF25B0371
                        SHA1:08E92A49BD7CA19CE6616F31434D2A7A4880E9E0
                        SHA-256:FAFE2BAAEFA23CF26156515E2B1807415F3FEED95FCC64F13D665EA7B9122F81
                        SHA-512:5F9CD851075E40D61DFFF2CDFF4D33C5B9F0E2DABBCD94F45972CB8E4C8AA799C782216C752C0984EFA56FA39D5F57407EACC91FCAFDCD21BC1B6DDF913EDDB9
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"ffea5748-9e2c-4b46-9f09-15c9519fb680","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1727992494130,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_1","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"49d2f713-7aa9-44db-aa50-0a7a22add459","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1744

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):1164
                        Entropy (8bit):5.7029347506264845
                        Encrypted:false
                        SSDEEP:24:Yv6XPgHzvGaBKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5V:YvIgTdEgqprtrS5OZjSlwTmAfSK7
                        MD5:3632293993B95E36FE4D233E5ED61D2E
                        SHA1:968D4CF0A90D1256720D3FE1366CCC9617419824
                        SHA-256:A384A4D7EA449D2D1B5ACEA377935BDE3AE61101E1CA4684F89F9A4549EFAF27
                        SHA-512:77F144CB81BFBD42935E2B1ED421F449777E934E660421067BFD04733666425226F4000DB810C6310791CB682CD9DB76AB315EDACC846B174316661F7D1AE89E
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"ffea5748-9e2c-4b46-9f09-15c9519fb680","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1727992494130,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):289
                        Entropy (8bit):5.292907726485275
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXPCbVVwxBVoZcg1vRcR0Yv6VeoAvJfYdPeUkwRe9:YvXKXP8VOiZc0vG6VVGg8Ukee9
                        MD5:90325378EB2D8C7425258E6062D4C063
                        SHA1:DF343A829659D5E43AE237C5386E55DFEBAE6F7C
                        SHA-256:76091EB142A38CB8ACD39A7C92F7886D3D9F81CEC9C7395297C0F6E0099989A6
                        SHA-512:CC326044891B978319C80A8BE7AA2DB18E1D56D61EE8C4325B1BA6883E92B4677FE9E2840F41735DDF457B05256CEECAC76048D0E31DA3F91A677512014A976C
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"ffea5748-9e2c-4b46-9f09-15c9519fb680","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1727992494130,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):1395
                        Entropy (8bit):5.778361128153731
                        Encrypted:false
                        SSDEEP:24:Yv6XPgHzvGaMrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJN9:YvIgTgHgDv3W2aYQfgB5OUupHrQ9FJ7
                        MD5:5F3CE6D24D53CD8BF960022053CB1755
                        SHA1:D4F2F8D4116974FC91E7E05A128DB8CE89356C86
                        SHA-256:CA9E33CA213013B4D4F7CC7C021D4CC30AD8E11BABA26B364F1BF79B2EA2AF5D
                        SHA-512:97460527D3D411007A2747E41B67DB1F25F41AA2391E5283C53D2C8AE04320CDC0E80AE9E418E704FC82D6F52B807F862EEE0C806D385CDE5AABAB8E532AC8E0
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"ffea5748-9e2c-4b46-9f09-15c9519fb680","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1727992494130,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):291
                        Entropy (8bit):5.276503568307008
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXPCbVVwxBVoZcg1vRcR0Yv6VeoAvJfbPtdPeUkwRe9:YvXKXP8VOiZc0vG6VVGDV8Ukee9
                        MD5:37855BE728E1F88C0D27BD0F493C83B2
                        SHA1:D13FA243A2E0397F838958D41E0584AF5C21CEB6
                        SHA-256:8FA75F2D3322FFABEFC3747B0F6F3FFD2CE1FA581BD8FC5177792013CC9C7958
                        SHA-512:6DE49CD9B6496787F3700403991E86E269582F3BD9306E2D740DE68294A5AAB2ACE693F5D46EC521C78214BF956D209FE3AC5A42C95C0B19486BBA3C096DA00A
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"ffea5748-9e2c-4b46-9f09-15c9519fb680","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1727992494130,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):287
                        Entropy (8bit):5.280742472675458
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXPCbVVwxBVoZcg1vRcR0Yv6VeoAvJf21rPeUkwRe9:YvXKXP8VOiZc0vG6VVG+16Ukee9
                        MD5:1C1D1B4D3775A3F73AA82F80967E3AAF
                        SHA1:71F16063AC04FE288BA314F55F37BF2ED481C224
                        SHA-256:D4131779B9F973CA7345CBF9FEE6C897D9F05B38D5668EFF300013C4F37D82F8
                        SHA-512:F9A489ABEF169EE28499D379A33B257DCC0FB6C48EC8A1D78B9AA435BC9136EA6AF7842FA7DBF4660E56179843B5AD6E29961C22501B8F3BCE86904F39FE1222
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"ffea5748-9e2c-4b46-9f09-15c9519fb680","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1727992494130,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):1058
                        Entropy (8bit):5.656736340312317
                        Encrypted:false
                        SSDEEP:24:Yv6XPgHzvGamamXayLgEFRcONaqnl0RCmK8czOC+w2E+tg8BV:YvIgT0BguOAh8cv+NKC
                        MD5:B96B6C8B1B25233CB59A0D7798692007
                        SHA1:DF742997207715321B64E0F9ACE1972EA767E4EE
                        SHA-256:549DA993C0BE5B296528E86026442A4C970B1C23282B83C3254502CA27912177
                        SHA-512:9C0E02ACE3B0F8C13E9B4DCB9968176AA5C30B9CAF794A9C3452590BB8745FBF95502BEEDC8CFE884B9CF872C9CD91058A19B6363502CD9D0D60867A021FBDA1
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"ffea5748-9e2c-4b46-9f09-15c9519fb680","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1727992494130,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_3","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"ece07729-7db6-4f20-9f8d-7976ad373049","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IlNlbmQgZG9jdW1lbnRzICYgZm9ybXNcbmZvciBmYXN0IGUtc2lnbmluZyBvbmxpbmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme"

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):286
                        Entropy (8bit):5.258963515123824
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXPCbVVwxBVoZcg1vRcR0Yv6VeoAvJfshHHrPeUkwRe9:YvXKXP8VOiZc0vG6VVGUUUkee9
                        MD5:60DAF829543334CECEBEB948155C51DC
                        SHA1:117DC9E64CD38C31F803690D096243E4EF0F2AAC
                        SHA-256:03B038E61B937A51153048282DD934571AED6F54DE2C9B84364B261055E934EA
                        SHA-512:7546F70458E44216A1897C77570BFD0F3032F929953FDF5C315255D71A947592EA4829A6BBE3CF05E3ACF0A5DAC3B73781CE04AF1C415DDC99A83A07B402A82F
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"ffea5748-9e2c-4b46-9f09-15c9519fb680","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1727992494130,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):782
                        Entropy (8bit):5.3710030986100445
                        Encrypted:false
                        SSDEEP:12:YvXKXP8VOiZc0vG6VVGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWB:Yv6XPgHzvGax168CgEXX5kcIfANhU
                        MD5:6C0AD9723A4F25CF743C2BD6C93985AA
                        SHA1:EBD3905899740AAAFC33CB729438B8E4A0C71358
                        SHA-256:9A7213BF1B3AC55363402EBC1127E4C6366C7B478D035B4256FC250F13CC198D
                        SHA-512:E77495816BDB33D5A224F26016F7616383F6E5DB46ED6E0BD949EAEF5E4381AE06AE7376A89BFC220B7A30BB2F11778B5DC8086F91ECFF20648066EB0036F0F7
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"ffea5748-9e2c-4b46-9f09-15c9519fb680","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1727992494130,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1727814039167}}}}

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):4
                        Entropy (8bit):0.8112781244591328
                        Encrypted:false
                        SSDEEP:3:e:e
                        MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                        SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                        SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                        SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                        Malicious:false
                        Preview:....

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):2818
                        Entropy (8bit):5.136190493029926
                        Encrypted:false
                        SSDEEP:24:YdB1P4XaMayv223d+jrSC7c/j2EyIUxMrokjz78j0S4zVCk2WGx2LSyz7589D5mz:YDLmMjGOc/RyINNHOGzPGxIz7O9D5o
                        MD5:942E15035CAFA5EB5E7FBBB9A71AA24A
                        SHA1:A32099206AECE5159F1008CCDC83833F8FD42CC9
                        SHA-256:32795F1A9D98070AC2932439E9AA44A9FF87F023857B751DFF658226FFBC59D9
                        SHA-512:0DE1EC38B3DA45C5A903ED0575CF0BCBBAC879D2E067AD9D61102DF3B02D3D79335D748208894C964CE05A80A014826DF25B81AA399A34F9882A662CF92E0DCB
                        Malicious:false
                        Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"1583a45f0330e94bfc216dc59201ea1e","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1727814038000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"ce2b167a72bbbb890dc878fbd78df691","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1727814038000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"64b9d0c8713e057fbc1879993f7ae6e6","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1058,"ts":1727814038000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"94cdfb1b3703e4c390223d62eeed9840","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1063,"ts":1727814038000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"2cbd4befd5b313e4c494a8cb2272de30","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1038,"ts":1727814038000},{"id":"Edit_InApp_Aug2020","info":{"dg":"2815746e709f62f0ca2ce08ab8fbad45","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
                        Category:dropped
                        Size (bytes):12288
                        Entropy (8bit):1.1877234294846482
                        Encrypted:false
                        SSDEEP:48:TGufl2GL7msEHUUUUUUUUHWSvR9H9vxFGiDIAEkGVvpzQ:lNVmswUUUUUUUU2+FGSItw
                        MD5:791637F2224A9B76D954CDFB17AB1A6E
                        SHA1:8E3EEBDE0B884DBD89BFD4FAE8DA54C43C4A46FD
                        SHA-256:37691AD663CB4FD19A3E650DDC588D228FDB3BDABE712541D93F197847A000FD
                        SHA-512:E40E47FEB49825141577B8AB498DF2898FF8C4F2F98F751FD14C1AD3A764DD6ADBE08D77CC741F5AB4D77069DD56B28677C1959926FBED0BCC1974FD0D145273
                        Malicious:false
                        Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:SQLite Rollback Journal
                        Category:dropped
                        Size (bytes):8720
                        Entropy (8bit):1.6082130150136487
                        Encrypted:false
                        SSDEEP:48:7MfqKUUUUUUUUUUH0vR9H9vxFGiDIAEkGVvWqFl2GL7msc:7SxUUUUUUUUUUEFGSItsKVmsc
                        MD5:0744EDC506224A970A9C30B3CB924E18
                        SHA1:39A34135349737FFB25210740FAAD06228CA3AC1
                        SHA-256:AEADB4CD33C8DC5ABB25089B7629AC9E9060226C3EF29A98EAA35546622BECD6
                        SHA-512:F81499F88A819D0E51EFDEB5FEDEE01E8A29ADEC3A5E9C8519397FE71D630A510EB93494CD267EDEDE1293EB960AB28FF6612FB3FEACAE709ACAB47FCAF6F979
                        Malicious:false
                        Preview:.... .c..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Users\user\AppData\Local\Temp\MSId01bc.LOG

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):246
                        Entropy (8bit):3.4965336456103326
                        Encrypted:false
                        SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K80QRqrN8YH:Qw946cPbiOxDlbYnuRKFN8YH
                        MD5:7229DDFE260074172148F13103B4DA01
                        SHA1:369CBFF97C4A9838347A0FA191A1B78AB27535BC
                        SHA-256:DC0C28431D0596AAB971073DF7038D9B6EEC4C29ACF59268EFB1C71EAB412EE7
                        SHA-512:A80AB66AAD75F2A0118BC2528897D66E6BE5F1CE906A024CCC0D7D5AE1B3A35881F87D4ABD45122B1B750C6ED95CB3A04DFA8F92837FB72635AF80F17B81BE4A
                        Malicious:false
                        Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .0.1./.1.0./.2.0.2.4. . .1.6.:.2.0.:.4.0. .=.=.=.....

                        C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-01 16-20-34-583.log

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:ASCII text, with very long lines (393)
                        Category:dropped
                        Size (bytes):16525
                        Entropy (8bit):5.345946398610936
                        Encrypted:false
                        SSDEEP:384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
                        MD5:8947C10F5AB6CFFFAE64BCA79B5A0BE3
                        SHA1:70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
                        SHA-256:4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
                        SHA-512:B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
                        Malicious:false
                        Preview:SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:

                        C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:ASCII text, with very long lines (393), with CRLF line terminators
                        Category:dropped
                        Size (bytes):15114
                        Entropy (8bit):5.333885095499786
                        Encrypted:false
                        SSDEEP:384:+mE7ctq/hyF+YrZM3lIlprIhtGPrxt5sADYSUrW0wWO/xK5K4JgC4V4pMnd925xn:G4q
                        MD5:B8AA7FDD695A4761A3FD95BFE3F28A80
                        SHA1:79EDCA9305C2C506F65725AC4F1E8A0F607E71DF
                        SHA-256:6E8A1DBB20D5CCB1BE8BB54B382597FB087F0BECE38ADEA2B964571CAAA70CA1
                        SHA-512:F09A896CDE5D5E098E33D6F1EDE808E646347DFEC06C671288C7C35751D8D62CFC85431A00296F9C45AA4D7C16B2192BD6A78BE810637A6FE76161F2BE00E7BC
                        Malicious:false
                        Preview:SessionID=4ede3cbc-ca9e-4e9b-a081-4fa78492549b.1727814034593 Timestamp=2024-10-01T16:20:34:593-0400 ThreadID=7148 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=4ede3cbc-ca9e-4e9b-a081-4fa78492549b.1727814034593 Timestamp=2024-10-01T16:20:34:611-0400 ThreadID=7148 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=4ede3cbc-ca9e-4e9b-a081-4fa78492549b.1727814034593 Timestamp=2024-10-01T16:20:34:611-0400 ThreadID=7148 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=4ede3cbc-ca9e-4e9b-a081-4fa78492549b.1727814034593 Timestamp=2024-10-01T16:20:34:611-0400 ThreadID=7148 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=4ede3cbc-ca9e-4e9b-a081-4fa78492549b.1727814034593 Timestamp=2024-10-01T16:20:34:611-0400 ThreadID=7148 Component=ngl-lib_NglAppLib Description="SetConf

                        C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):29752
                        Entropy (8bit):5.379766766920301
                        Encrypted:false
                        SSDEEP:768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2r+:K
                        MD5:8F6A39EE1D53B1ABA653C6C3BEF11850
                        SHA1:ABE7239E1C65CA2A91DAEBDFDDBCDCFEF667CA6A
                        SHA-256:B8D07599623CC10A1377BF8FE1CB8F40B59E57DBE25817C28CE9523CFDF00D18
                        SHA-512:539D3D230E546C2BD95328CD369E405687D1782110B9DA9F6383F45D93DEA69AD247AFD2F8019F64BAF0DE53242F52457FC68293B8E60ED2F6CB79D25CC226E2
                        Malicious:false
                        Preview:03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-

                        C:\Users\user\AppData\Local\Temp\acrocef_low\4f5f386f-dd85-44c9-973b-50bb65ed4449.tmp

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                        Category:dropped
                        Size (bytes):1407294
                        Entropy (8bit):7.97605879016224
                        Encrypted:false
                        SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
                        MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
                        SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
                        SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
                        SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
                        Malicious:false
                        Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                        C:\Users\user\AppData\Local\Temp\acrocef_low\6cff2a11-a1cb-48e5-a228-c74b2848c8ad.tmp

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                        Category:dropped
                        Size (bytes):386528
                        Entropy (8bit):7.9736851559892425
                        Encrypted:false
                        SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                        MD5:5C48B0AD2FEF800949466AE872E1F1E2
                        SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                        SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                        SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                        Malicious:false
                        Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

                        C:\Users\user\AppData\Local\Temp\acrocef_low\8b76b0c9-628c-42bc-935e-c7a14fcab065.tmp

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                        Category:dropped
                        Size (bytes):758601
                        Entropy (8bit):7.98639316555857
                        Encrypted:false
                        SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                        MD5:3A49135134665364308390AC398006F1
                        SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                        SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                        SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                        Malicious:false
                        Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                        C:\Users\user\AppData\Local\Temp\acrocef_low\b21ace82-b710-4e6e-bd89-00c0e54430ca.tmp

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                        Category:dropped
                        Size (bytes):1419751
                        Entropy (8bit):7.976496077007677
                        Encrypted:false
                        SSDEEP:24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
                        MD5:18E3D04537AF72FDBEB3760B2D10C80E
                        SHA1:B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
                        SHA-256:BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
                        SHA-512:2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
                        Malicious:false
                        Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                        Static File Info

                        General

                        File type:PDF document, version 1.7
                        Entropy (8bit):7.899307529866073
                        TrID:
                        • Adobe Portable Document Format (5005/1) 100.00%
                        File name:Invoice #23078.pdf
                        File size:2'906'528 bytes
                        MD5:05aa80f62a47e1a4dac83054c835e3bb
                        SHA1:d1597f07270ce840bc75687fcc70e7c3d7fe649a
                        SHA256:97f7f2c3f99fecfc9139f22b3309d16691210a72d607e84cade5aae0a812ce66
                        SHA512:2187e64ce661f6bf5ff89d7acb67772d4b639e778fbd63f4b4e42c8653ac20089695c1bd9a467da366ec12db5ff5bb15f95f5fbca34c79a916c7c36633366529
                        SSDEEP:49152:zeU0b0d0vow8ZJUNhBujTjvdhSq98lSdC0H:VU4AopjUMvJhSjodCu
                        TLSH:77D5C038BF91AD0EE946C0B1E228E8934FCD9277316974817D1C495B08E6D81F6E739E
                        File Content Preview:%PDF-1.7.%......4 0 obj.<</Filter /FlateDecode /Length 13267 >>.stream.x..}[....&.y....>.S.3X.a.Jy.....v|.u.%..?....c..I.........>].Y.YI.Z.(...T}...q.....>......?.........v......O;)....._..1......j.....O_.M.9..do7n#...?.?"....>.......OE.....2.^.O.....R:..

                        File Icon

                        Icon Hash:62cc8caeb29e8ae0

                        Static PDF Info

                        General

                        Header:%PDF-1.7
                        Total Entropy:7.899308
                        Total Bytes:2906528
                        Stream Entropy:7.987052
                        Stream Bytes:2548417
                        Entropy outside Streams:4.979142
                        Bytes outside Streams:358111
                        Number of EOF found:5
                        Bytes after EOF:

                        Keywords Statistics

                        NameCount
                        obj1977
                        endobj1977
                        stream773
                        endstream773
                        xref0
                        trailer0
                        startxref5
                        /Page7
                        /Encrypt0
                        /ObjStm0
                        /URI0
                        /JS0
                        /JavaScript0
                        /AA0
                        /OpenAction0
                        /AcroForm0
                        /JBIG2Decode0
                        /RichMedia0
                        /Launch0
                        /EmbeddedFile0

                        Network Behavior

                        Network Port Distribution

                        TCP Packets

                        TimestampSource PortDest PortSource IPDest IP
                        Oct 1, 2024 22:20:45.819216013 CEST49759443192.168.2.423.56.162.185
                        Oct 1, 2024 22:20:45.819250107 CEST4434975923.56.162.185192.168.2.4
                        Oct 1, 2024 22:20:45.819320917 CEST49759443192.168.2.423.56.162.185
                        Oct 1, 2024 22:20:45.819534063 CEST49759443192.168.2.423.56.162.185
                        Oct 1, 2024 22:20:45.819549084 CEST4434975923.56.162.185192.168.2.4
                        Oct 1, 2024 22:20:46.449428082 CEST4434975923.56.162.185192.168.2.4
                        Oct 1, 2024 22:20:46.449755907 CEST49759443192.168.2.423.56.162.185
                        Oct 1, 2024 22:20:46.449783087 CEST4434975923.56.162.185192.168.2.4
                        Oct 1, 2024 22:20:46.450856924 CEST4434975923.56.162.185192.168.2.4
                        Oct 1, 2024 22:20:46.450948000 CEST49759443192.168.2.423.56.162.185
                        Oct 1, 2024 22:20:46.456881046 CEST49759443192.168.2.423.56.162.185
                        Oct 1, 2024 22:20:46.456948996 CEST4434975923.56.162.185192.168.2.4
                        Oct 1, 2024 22:20:46.457165003 CEST49759443192.168.2.423.56.162.185
                        Oct 1, 2024 22:20:46.457173109 CEST4434975923.56.162.185192.168.2.4
                        Oct 1, 2024 22:20:46.509366035 CEST49759443192.168.2.423.56.162.185
                        Oct 1, 2024 22:20:46.564975023 CEST4434975923.56.162.185192.168.2.4
                        Oct 1, 2024 22:20:46.565046072 CEST4434975923.56.162.185192.168.2.4
                        Oct 1, 2024 22:20:46.565125942 CEST49759443192.168.2.423.56.162.185
                        Oct 1, 2024 22:20:46.565500975 CEST49759443192.168.2.423.56.162.185
                        Oct 1, 2024 22:20:46.565521955 CEST4434975923.56.162.185192.168.2.4

                        UDP Packets

                        TimestampSource PortDest PortSource IPDest IP
                        Oct 1, 2024 22:20:45.398658991 CEST4940453192.168.2.41.1.1.1
                        Oct 1, 2024 22:21:57.711818933 CEST53510281.1.1.1192.168.2.4

                        DNS Queries

                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                        Oct 1, 2024 22:20:45.398658991 CEST192.168.2.41.1.1.10x3aafStandard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false

                        DNS Answers

                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                        Oct 1, 2024 22:20:45.406469107 CEST1.1.1.1192.168.2.40x3aafNo error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false

                        HTTP Request Dependency Graph

                        • armmf.adobe.com

                        HTTPS Proxied Packets

                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                        0192.168.2.44975923.56.162.1854431612C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        TimestampBytes transferredDirectionData
                        2024-10-01 20:20:46 UTC475OUTGET /onboarding/smskillreader.txt HTTP/1.1
                        Host: armmf.adobe.com
                        Connection: keep-alive
                        Accept-Language: en-US,en;q=0.9
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                        Sec-Fetch-Site: same-origin
                        Sec-Fetch-Mode: no-cors
                        Sec-Fetch-Dest: empty
                        Accept-Encoding: gzip, deflate, br
                        If-None-Match: "78-5faa31cce96da"
                        If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
                        2024-10-01 20:20:46 UTC198INHTTP/1.1 304 Not Modified
                        Content-Type: text/plain; charset=UTF-8
                        Last-Modified: Mon, 01 May 2023 15:02:33 GMT
                        ETag: "78-5faa31cce96da"
                        Date: Tue, 01 Oct 2024 20:20:46 GMT
                        Connection: close


                        Statistics

                        CPU Usage

                        Click to jump to process

                        Memory Usage

                        Click to jump to process

                        High Level Behavior Distribution

                        Click to dive into process behavior distribution

                        Behavior

                        Click to jump to process

                        System Behavior

                        General

                        Target ID:0
                        Start time:16:20:31
                        Start date:01/10/2024
                        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Invoice #23078.pdf"
                        Imagebase:0x7ff6bc1b0000
                        File size:5'641'176 bytes
                        MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        General

                        Target ID:1
                        Start time:16:20:32
                        Start date:01/10/2024
                        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                        Imagebase:0x7ff74bb60000
                        File size:3'581'912 bytes
                        MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        General

                        Target ID:3
                        Start time:16:20:32
                        Start date:01/10/2024
                        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2096 --field-trial-handle=1744,i,16956642348696961776,15655649527562002610,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                        Imagebase:0x7ff74bb60000
                        File size:3'581'912 bytes
                        MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        Disassembly

                        No disassembly